More PH Government Websites Hacked, Private Data of Filipinos Compromised

By: Reigh John Bench Almendras
October 15, 2023
1704

The image of a troll-face meme was shown on the house of representatives official website, compromising private data of Filipinos. Photo courtesy of Rappler.

The latest cyber security breach involved the hacking of the House of Representatives (HoR) official website caused by a group called "3Musketeerz" earlier today, October 15. 

The hackers have defaced the committee hearing schedule and faced the home page with a troll meme.

Hackers have stolen the personal data of potentially millions of Filipinos as other government websites also experienced successful hacking in recent months.

 

Philhealth Online Records Stolen 

Last September 22, the Philippine Health and Insurance Corporation’s (PhilHealth) website with more than 59 million direct and indirect contributors was hacked by MedusaLocker - a group of hackers first detected in 2019 that mainly targets healthcare organizations to take advantage of the unprecedented rise of the COVID-19 Pandemic. 

The hackers demanded USD 300,000 (P 17,000,000) to restore access to PhilHeath computers and delete stolen data.

According to the National Privacy Commission (NPC), the agency has failed to meet the requirements of the hackers, causing leakage of the 734 gigabytes worth of data in the black market and telegram. 

This incident is the highest data breach by the government since the Commission on Elections’ (Comelec) “Comeleak” data breach in 2016.

 

PSA-CBMS Hacked

Last October 7, the official website of the Philippine Statistics Authority (PSA) was hacked.

In a statement released by the agency, they clarified that only the Community-Based Monitoring System (CBMS) was penetrated and not the Philippine Registration System (PhilSys) and the Civil Registration System which hold private information of registered Filipino citizens such as fingerprint, iris identification, and birth details.

Antivirus Software Expired and Poor Cyber Security Measures

PhilHealth confirmed that the agency’s antivirus software had already expired in April and might be the main cause of the hacking.

It has also been confirmed that most of the government agencies such as PhilHealth do not have Cyber Emergency Response Group to address cyber security issues, compromising data of the public.

 

Response of the Government

In a statement, the Department of Information and Technology (DICT) and PhilHealth Protection Office encouraged the public to be careful with possible fraudulent activities online. The public is advised not to provide their private information to any email and text messages from unverified sources.

PhilHealth shall also designate a helpdesk in their main and satellite offices to cater concerns of its patrons.

In a statement released on October 13, PSA assured that all data of the agency have back up copies and more than 100 consensus and surveys are safe from the attack.

HoR Secretary General Reginald Velasco also provided that they are communicating with the DICT and the Cybercrime Investigation and Coordinating Center (CICC) to address the HoR website attack.

In further response to the continuous website attacks, the government is planning to have its first sovereign cloud in partnership with PLDT, the Philippines’ leading telecommunications company, in hopes to address cyber security issues by storing private data in a centralized and an air-gap mode design not connected to the internet to inhibit hackers from infiltrating stored data.

Comments